1. Technical Field
The present disclosure relates to the field of information security and authentication devices, systems and processes. More specifically, the present disclosure relates to authentication devices, systems and processes that utilize biometric information to identify and authenticate a user.
2. Background Information
Various methods, devices and systems have been devised to ensure secure authentication of users desiring to access a secure network or computer resources within an enterprise and other environments. In addition to the use of traditional usernames and passwords, other approaches and technologies have evolved. For example, the SecurID™ authentication technology developed by RSA Security, a division of EMC Corporation, controls access to VPNs or other secure networks using a token held in the user's possession, which displays a time-varying code to the user. The user inputs the code in combination with a PIN in order to verify the user's ID. Variants of this technology, including the RSA SecurID™ 800 product, provide a USB drive form factor and support a master key and storage of password information on a USB storage device provided with encryption technology. Such authentication technology is vulnerable to security risks insofar as knowledge of the user's PIN and possession of the hardware token are all that are needed for access to secure network resources. Additionally, software solutions that require specific server administration interfaces present a known target and methodology for individuals to attack. Other technologies, such as the Vector Segment Technology™ provided by Bio-Key International of Wall, N.J., include software-based fingerprint authentication applications that require additional hardware to be present for use by the user.
Such technologies, while more robust than traditional username/password authentication, still suffer from the drawback that the authentication is not “real” in the sense that there still exists a risk that the person or entity with the token device and username/password information is not the real person assumed to be in possession of both. Another drawback is that, even in cases where the true person is inputting the authentication information, it is still typically typed in by a user and transmitted, possibly unencrypted, over the network and is thus susceptible to various security risks, including phishing or interception.
Biometric devices, which typically sense or detect one or more immutable, biological attributes, have been utilized to provide improved identification of individuals desiring access to physical and network environments. However, biometric authentication has not been widely adopted in the area of authentication of users of secure physical and network resources. The most significant challenges to adopting biometric authentication are the need for additional equipment, including multiple devices for the same individual, and the lack of portability, as the biometric technology is typically physically integrated with individual computer hardware. In addition, some systems utilize local storage of actual fingerprint images, which presents a security risk. Still further, software-based systems perform matching within the software and are therefore open to hacking, man-in-the-middle attacks, phishing, etc. Yet another challenge arises when specific client-side certificates or other security-related applications are required to be installed. In addition, portability and mobility of authentication capabilities are impaired when authentication devices and processes become platform- or device-specific.
Accordingly, there is a need in the art for authentication devices, systems and processes that address the aforementioned shortcomings and disadvantages.